aavegotchi/ghst-staking

Bug in claimWearableTickets Function

Closed this issue · 1 comments

@ItsNickBarry found a bug in the claimWearableTickets function in StakingFacet.sol.

Here's the code that contains the bug:

    function claimWearableTickets(uint256[] calldata _ids) external {
        updateFrens();
        uint256[] memory values = new uint256[](_ids.length);
        uint256 frensBal = s.accounts[msg.sender].frens;
        for (uint256 i; i < _ids.length; i++) {
            uint256 id = _ids[i];
            require(id < 6, "Staking: Wearable Ticket not found");
            uint256 cost = wearableTicketCost(id);
            // BUG: stores the frens cost; values[i] should be 1 (one ticket minted per entry)
            values[i] = cost;
            require(frensBal >= cost, "Staking: Not enough frens points");
            frensBal -= cost;
            s.wearableTickets[id].accountBalances[msg.sender] += 1;
            s.wearableTickets[id].totalSupply += 1;
        }

The offending line is values[i] = cost; which should be values[i] = 1;.

This bug resulted in the emit TransferBatch(address(this), address(0), msg.sender, _ids, values); event emitting the wrong values argument. The bug could also potentially send the wrong value to other smart contracts.

This bug does not result in loss of funds or a frozen contract.

@ItsNickBarry is awarded 1,000 Dai for finding and reporting this bug.

The code for the claimWearableTickets function has been updated to fix the issue.
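
An added example, not code from the aavegotchi/ghst-staking repository: a Python model of the loop quoted above, showing how an off-chain indexer that rebuilds ticket balances from TransferBatch events diverges from contract storage when values[i] carries the cost instead of 1. The ticket costs, function names and sample claim are constructed for illustration.

```python
from collections import defaultdict

# Constructed frens cost per ticket id (the real wearableTicketCost values are not on this page).
TICKET_COST = {0: 10, 1: 20, 2: 30, 3: 40, 4: 50, 5: 60}


def claim(frens_bal, ids, buggy):
    """Model of the loop quoted in the issue. Returns (storage_delta, event_values)."""
    storage_delta, values = defaultdict(int), []
    for ticket_id in ids:
        if ticket_id >= 6:
            raise ValueError("Staking: Wearable Ticket not found")
        cost = TICKET_COST[ticket_id]
        if frens_bal < cost:
            raise ValueError("Staking: Not enough frens points")
        # buggy build: values[i] = cost; fixed build: values[i] = 1
        values.append(cost if buggy else 1)
        frens_bal -= cost
        storage_delta[ticket_id] += 1  # accountBalances[msg.sender] += 1
    return dict(storage_delta), values


def index_transfer_batch(ids, values):
    """Balance an event-driven indexer credits to the recipient of a mint event."""
    credited = defaultdict(int)
    for ticket_id, amount in zip(ids, values):
        credited[ticket_id] += amount
    return dict(credited)


def reconcile(frens_bal, ids, buggy):
    """Return {id: (storage, indexed)} for each id where the two views disagree."""
    storage, values = claim(frens_bal, ids, buggy)
    indexed = index_transfer_batch(ids, values)
    return {i: (storage[i], indexed[i]) for i in storage if storage[i] != indexed[i]}


if __name__ == "__main__":
    sample_ids = [0, 2, 2]  # constructed claim: one ticket of id 0, two of id 2
    print("buggy:", reconcile(1000, sample_ids, buggy=True))
    print("fixed:", reconcile(1000, sample_ids, buggy=False))
```

The same reconciliation (event-derived balance against the balance read from storage) is a check that flags this class of event/state mismatch in tests or monitoring.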

This is fixed now, correct? If so, can close the issue.